infisical/docs/documentation/platform/ssh/concepts/ssh-certificates.mdx

---
title: "SSH Certificates"
description: "Learn what SSH certificates are, why they're useful, and how they enable secure, scalable infrastructure access."
---
SSH access is ubiquitous — it's how engineers, scripts, and platforms across the world remotely administer Linux systems. That said, as teams and systems grow, managing access with static SSH keys becomes brittle, and issues like key sprawl, unclear boundaries, and poor revocation hygiene start to emerge.

_SSH certificates_ offer an alternative approach to securing and managing access at scale.

## What is an SSH Certificate?

An _SSH certificate_ is a short-lived, signed credential that proves a user's or host's identity. Unlike static SSH keys, which are distributed and managed manually, SSH certificates rely on a centralized certificate authority (CA) to vouch for identities.

There are two types of SSH certificates:

- User certificates: Issued to users to authenticate with remote hosts
- Host certificates: Issued to hosts so clients can verify they're trusted

Because certificates are time-bound and centrally managed, they're easier to audit, revoke, and scale across infrastructure.
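
The certificate type and validity window described above are fields carried inside the certificate itself. The following added example (not part of the Infisical docs or code) reads them from an Ed25519 OpenSSH certificate, following the field order in OpenSSH's PROTOCOL.certkeys, and checks the lifetime against a policy limit. `build_sample`, the key ID and the principal names are constructed for illustration, and the sample carries no real signature.

```python
import base64
import struct

KEYTYPE = b"ssh-ed25519-cert-v01@openssh.com"
CERT_TYPES = {1: "user", 2: "host"}  # SSH2_CERT_TYPE_USER / SSH2_CERT_TYPE_HOST

def _pack(data):
    """Encode an SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def _string(buf, off):
    """Read one SSH 'string' at off; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_ed25519_cert(line):
    """Read type, principals and validity from a '<keytype> <base64>' line.
    Inspection only: the CA signature is NOT verified here."""
    blob = base64.b64decode(line.split()[1])
    keytype, off = _string(blob, 0)
    if keytype != KEYTYPE:
        raise ValueError("not an Ed25519 OpenSSH certificate")
    _nonce, off = _string(blob, off)
    _pubkey, off = _string(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    key_id, off = _string(blob, off + 12)
    plist, off = _string(blob, off)
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(plist):
        name, p = _string(plist, p)
        principals.append(name.decode())
    return {"type": CERT_TYPES.get(ctype, "unknown"), "serial": serial,
            "key_id": key_id.decode(), "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}

def lifetime_ok(cert, now, max_seconds):
    """Valid now, and issued for no longer than policy allows. A valid_before
    of 2**64 - 1 means 'never expires' and fails any finite limit."""
    return (cert["valid_after"] <= now < cert["valid_before"]
            and cert["valid_before"] - cert["valid_after"] <= max_seconds)

def build_sample(ctype, principals, valid_after, valid_before):
    """Constructed sample: dummy key, empty CA key and signature (unverifiable)."""
    names = b"".join(_pack(p.encode()) for p in principals)
    body = (_pack(KEYTYPE) + _pack(b"\0" * 32) + _pack(b"\0" * 32)
            + struct.pack(">QI", 1, ctype) + _pack(b"sample-key-id") + _pack(names)
            + struct.pack(">QQ", valid_after, valid_before) + _pack(b"") * 5)
    return KEYTYPE.decode() + " " + base64.b64encode(body).decode()
```
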

## SSH with Infisical

Infisical SSH gives you a secure, scalable way to manage infrastructure access using SSH certificates — without the overhead of running your own certificate authority, wiring trust across hosts, or building issuance workflows from scratch.

It replaces long-lived SSH keys with short-lived, identity-bound certificates and handles all the moving parts for you: operating CAs, configuring trust between users and hosts, and issuing certificates on demand. With Infisical SSH, you can register a host with [`infisical ssh add-host`](/cli/commands/ssh#infisical-ssh-add-host), then connect with [`infisical ssh connect`](/cli/commands/ssh#infisical-ssh-connect) — that's all it takes.

The result is centralized, auditable SSH access that's easy to use and built to scale with your infrastructure.